Configuration details for adding an authentication password to a web site or directory on the Nginx server

  • 2020-05-10 23:26:09
  • OfStack

nginx can require password authentication for a whole web site, a directory, or even specific files. The passwords in the password file must be hashed with crypt. You can use Apache's htpasswd to create them.

Command format:


htpasswd -b -c site_pass username password

site_pass is the password file. You can put it in the same directory as the nginx configuration file or in another directory. In the nginx configuration file, specify either its absolute path or a path relative to the current directory.

If the shell reports that the htpasswd command is not found, you need to install httpd. On CentOS you can do it like this:


yum install httpd

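If you don't want to install httpd, you can use the following Perl script:


#!/usr/bin/perl -w
# filename: add_user.pl
# Reads user:password lines from STDIN and prints user:hash lines
# in the format expected by auth_basic_user_file.
use strict;

print "#example: user:passwd\n";
while (<STDIN>) {
  exit if ($_ =~ /^\n/);                        # an empty line ends input
  chomp;
  (my $user, my $pass) = split /:/, $_, 2;      # split on the first ':' only
  my $crypt = crypt $pass, '$1$' . gensalt(8);  # '$1$' selects MD5-based crypt
  print "$user:$crypt\n";
}

# Return a random salt of $count characters from the crypt alphabet
sub gensalt {
  my $count = shift;
  my @salt = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
  my $s;
  $s .= $salt[rand @salt] for (1 .. $count);
  return $s;
}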

Give the script executable permissions:

chmod u+x add_user.pl

Script usage:


./add_user.pl
user:password

Paste the generated user name and password line into the /usr/local/nginx/conf/vhost/nginx_passwd file.

To authenticate the whole site, write the authentication directives directly in the server section of the nginx configuration.

To authenticate a directory, write them in a location for that directory. Also add PHP handling to that location; otherwise PHP files will be downloaded instead of executed.

For example, with auth_basic placed before the location that interprets PHP, authentication applies to the entire site:


server
{
  listen 80;
  server_name www.ofstack.com ofstack.com;
  root /www/ofstack.com;
  index index.html index.htm index.php;
  # set at server level, so every location below inherits it
  auth_basic "input you user name and password";
  auth_basic_user_file /usr/local/nginx/conf/vhost/nginx_passwd;
  location ~ \.php$
  {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
  }
  location ~ /\.ht
  {
    deny all;
  }
  access_log /logs/ofstack.com_access.log main;
}

For directory authentication, use a separate location for the directory and nest a location that interprets PHP inside it; otherwise the PHP files will not be executed and will be downloaded. auth_basic goes after the nested location.


server
{
  listen 80;
  server_name www.ofstack.com ofstack.com;
  root /www/ofstack.com;
  index index.html index.htm index.php;
  location ~ ^/admin/.*
  {
    # nested PHP handler, so protected PHP files are still executed
    location ~ \.php$
    {
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      include fastcgi_params;
    }
    auth_basic "auth";
    auth_basic_user_file /usr/local/nginx/conf/vhost/auth/admin.pass;
  }
  location ~ \.php$
  {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
  }
  location ~ /\.ht
  {
    deny all;
  }
  access_log /logs/ofstack.com_access.log main;
}

One detail: location ~ ^/admin/.* { ... } protects all files in the admin directory. If you only set /admin/, a request for /admin/index.php will still be accessible and executed, because nginx prefers a matching regular-expression location (here the \.php$ block, which has no auth_basic) over a prefix location. ^/admin/.* protects all files in this directory. Only one authentication is required: you do not have to authenticate again for every request or every file requested.
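Why the bare /admin/ form leaves PHP files open, shown with a simplified Python model of nginx's location selection (longest prefix first, then regular expressions in file order, first match wins). This is an added example, not code from the original article; the WEAK list and all function names are constructed for illustration, and exact (=) and ^~ locations are not modelled.

```python
import re

def find(locs, uri):
    """Return the chain of locations selected for uri, outermost first.

    Simplified model (assumption): only prefix ("") and regex ("~") locations.
    """
    prefix = max((l for l in locs if l["mod"] == "" and uri.startswith(l["pat"])),
                 key=lambda l: len(l["pat"]), default=None)
    inner = find(prefix.get("nested", []), uri) if prefix else []
    # A regex hit nested inside the best prefix block ends the search.
    if any(l["mod"] == "~" for l in inner):
        return [prefix] + inner
    # Otherwise regexes at this level are tried in file order; first match wins.
    for l in locs:
        if l["mod"] == "~" and re.search(l["pat"], uri):
            return [l] + find(l.get("nested", []), uri)
    # No regex matched: fall back to the longest prefix, if any.
    return [prefix] + inner if prefix else []

def auth_required(locs, uri):
    """auth_basic set on an outer location is inherited by nested ones."""
    return any(l.get("auth", False) for l in find(locs, uri))

PHP = {"mod": "~", "pat": r"\.php$"}   # the FastCGI block, no auth_basic

# Constructed: the "/admin/ only" variant the text warns about.
WEAK = [{"mod": "", "pat": "/admin/", "auth": True}, PHP]

# The page's directory config: the admin regex comes first and nests PHP.
PAGE = [{"mod": "~", "pat": r"^/admin/.*", "auth": True, "nested": [PHP]}, PHP]

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("PAGE", PAGE)):
        for uri in ("/admin/index.php", "/admin/notes.html", "/index.php"):
            chain = " -> ".join(l["pat"] for l in find(conf, uri)) or "(server)"
            print(f"{name} {uri:18} {chain:22} auth={auth_required(conf, uri)}")
```

Because regular expressions are tried in file order, the ^/admin/.* block only protects PHP files while it stays above the top-level \.php$ block.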

htpasswd

Since htpasswd is used above, here is its basic usage.
htpasswd parameters

-c creates the password file. If the file already exists, it is rewritten and the original content is deleted.
-n does not update the password file, but displays the result directly
-m hashes the password with MD5 (default)
-d hashes the password with CRYPT (default)
-p uses plain text for passwords
-s hashes the password with SHA
-b takes the username and password together on the command line instead of prompting for the password; the password is visible in clear text and no interaction is needed
-D deletes the specified user
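A check for which of the schemes above an existing password file actually contains, as an added example that is not part of the original article: it classifies each entry by the shape of its hash field and flags plain-text, DES crypt and unsalted {SHA} entries. The function names and the SAMPLE file are constructed for illustration; only the linuxeye_user line is taken from the page.

```python
import base64
import hashlib
import re

CH = r"[./0-9A-Za-z]"   # crypt alphabet
# (pattern for the hash field, scheme, issue or None); labels are this example's own
SCHEMES = [
    (rf"\$apr1\${CH}{{1,8}}\${CH}{{22}}", "apr1-md5 (-m)", None),
    (rf"\$1\${CH}{{1,8}}\${CH}{{22}}", "md5-crypt ($1$)", None),
    (r"\{SHA\}[A-Za-z0-9+/]{27}=", "sha1 (-s)", "unsalted"),
    # any 13-character string over the crypt alphabet is treated as DES crypt
    (rf"{CH}{{13}}", "des-crypt (-d)", "only first 8 password characters count"),
]

def sha_entry(user, password):
    """Build a {SHA} line: base64 of the raw SHA-1 digest, with no salt."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

def audit(text):
    """Return {user: (scheme, issue)} for the contents of a password file."""
    report, first_seen = {}, {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        field = rest.split(":")[0]      # an optional third field is a comment
        scheme, issue = "plain text or unknown", "not a recognised hash"
        for pattern, name, problem in SCHEMES:
            if re.fullmatch(pattern, field):
                scheme, issue = name, problem
                break
        # without a salt, equal passwords give byte-identical entries
        if issue == "unsalted" and field in first_seen:
            issue = f"unsalted, same password as {first_seen[field]}"
        first_seen.setdefault(field, user)
        report[user] = (scheme, issue)
    return report

SAMPLE = "\n".join([
    "# constructed sample, not a real password file",
    "linuxeye_user:$apr1$Mugpp3FE$zGsi7/JfQIhFXPlgqo/Wx/",  # line from the page
    sha_entry("bob", "example-pw"),
    sha_entry("carol", "example-pw"),
    "dave:ab0123456789A",               # 13-character placeholder, DES-crypt shaped
    "erin:example-pw",
])

if __name__ == "__main__":
    for user, (scheme, issue) in audit(SAMPLE).items():
        print(f"{user:15} {scheme:22} {issue or '-'}")
```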
Examples
1. How to add users using the htpasswd command?


# /usr/local/apache/bin/htpasswd -bc linuxeye_pd linuxeye_user linuxeye_password
Adding password for user linuxeye_user
# cat linuxeye_pd
linuxeye_user:$apr1$Mugpp3FE$zGsi7/JfQIhFXPlgqo/Wx/

This generates a linuxeye_pd file in the current directory, with the user name linuxeye_user and the password linuxeye_password. The default encryption method is MD5.

2. How to add another user to the existing password file?


# /usr/local/apache/bin/htpasswd -b linuxeye_pd linuxeye.com linuxeye.com
Adding password for user linuxeye.com
# cat linuxeye_pd
linuxeye_user:$apr1$Mugpp3FE$zGsi7/JfQIhFXPlgqo/Wx/
linuxeye.com:$apr1$/8EUOPYI$4MBxYpzotrSDcTTDZvTeT0

You must remove the -c option; otherwise the password file is overwritten and created again.

3. How to display only the encrypted user name and password without updating the password file?


# /usr/local/apache/bin/htpasswd -n linuxeye
New password:
Re-type new password:
linuxeye:$apr1$bZ6Gclc4$zKRap.0BADzZIxLoxpDNv0
 
# /usr/local/apache/bin/htpasswd -nb linuxeye linuxeye_password
linuxeye:$apr1$yvngdKGV$QrnlriJ.MxIu52Vmo.ROE1

4. How to use the htpasswd command to delete user names and passwords?



5. How do I change my password using the htpasswd command?



